Last updated: 16.10.2023

Applies from: 2023.06.00 and later

Logging in with Azure Active Directory

If you use Microsoft’s Azure cloud service, you can allow users to log in to Opter with their Azure AD accounts. When the user enters the email address in the login window in Opter, login.microsoftonline.com opens in a browser where they are asked to enter the password for their Azure Active Directory account. Logging in with Azure AD requires two-factor authentication via the Microsoft Authenticator app or an SMS code.

Step 1: Registering Opter in Azure

For Opter and Azure to communicate, Opter must be registered in Azure. It is basically like creating a user account for the program. Proceed as follows:

1. Log in to portal.azure.com and search for “app registrations”.

2. Click on New registration in the top left corner.

3. Enter a descriptive name for the link under Name, for example “Opter Authentication”.

4. Select the default option under Supported account types, which means that only user accounts that are present in your organisation can log in to Opter via Azure.

5. Select Public client/internal (mobile and desktop) under Redirect URI (optional) and type “http://localhost/opterclient” in the field on the right.

   Note:

   It says that the redirect URI is optional in Azure, but to be able to log in to Opter you need to fill in that field.

6. Click on Register at the bottom left.

Opter is now registered in Azure. Keep the page open, as the strings will be needed for the next stepApplication ID (client) and Directory (tenant) ID.

Step 2: Enabling Azure AD login in Opter

Click on Settings > System settings and select Microsoft Azure AD under Login. Fill in the following fields with the information from the app registration completed in step 1:

• Application (client) ID (1)

• Directory (tenant) ID (2)

Step 3: Adding the person as an employee

If the user is already listed as an employee, move on to step 4.

1. Click on Register > Employees.
2. Click on and enter the first name and last name. These are the only fields that have to be filled in to create an employee, but additional information may need to be provided at a later stage depending on how the employee will use the system.
3. If the employee that is created is not a driver, deselect the Driver checkbox. Otherwise leave it selected.

4. Click on to save all changes.

Step 4: Configuring a user account for the employee

Click on Settings > Access rights. If they are a new user, create a new user account by clicking on in the toolbar. To change an existing user, double-click on them in the list to open. Then proceed as follows:

1. Enter the username of the Azure AD account in the Username field. The username is the main name in Azure, which is an email address, such as “john.smith@courierservices.com” or “john.smith@courierservices.onmicrosoft.com”. All user names can be found under Users at portal.azure.com.

2. Select Login with Azure AD.

3. Select which employee is to be connected to the user account in the Employee drop-down list. If the desired person is not listed as an employee, they can be added by clicking on next to the drop-down list.

4. If you use Opter Cloud, select the Remote access checkbox. If it is not selected, the user cannot log into Opter.

5. Assign the relevant access rights to the user, either by dragging one of the groups under Available groups to Selected groups, or by right-clicking on individual functions in the tree structure on the right and selecting an access right. For more information on permissions, see Setting access rights for users.

6. Click on to save all changes.

When users open Opter, they have to choose how to log in. If you change all users to log in with Azure AD accounts, Opter (username, password) can be deselected in the system settings, and they will not have to choose the login method.

When users log in, they can choose to log in automatically the next time they open Opter. This option should not be used on computers shared by multiple users. Click on File > Log out to forget the saved login credentials.

---